On Tuesday, 14 July 2020 21:18:53 CEST, Felipe Gasper wrote:
Hello,
I have domains whose length exceeds the commonName maximum. To
create a signing request for such a domain, then, I can’t put
the domain in the CSR’s subject.
Assuming that I’m interested in just a DV certificate--such
that the CSR’s subject DN actually provides no useful
information--what would the minimum-viable subject look like
from the generation-via-OpenSSL side?
1. Common Name is not used for host names for quite a few years now
2. most commercial CAs completely ignore any data in the CSR but the public
key
3. Subject DN can be empty, if that will be accepted by CA is up to CAs
policy
--
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic
